CVE-2026-25637

5.3 MEDIUM

📋 TL;DR

A memory leak in ImageMagick's ASHLAR image writer lets an attacker exhaust process memory, and so deny service, with crafted images. It affects any system running a vulnerable ImageMagick (or a wrapper such as Magick.NET) that processes untrusted images, and is most relevant to web applications and services that run ImageMagick over user-supplied files.

💻 Affected Systems

Products:
  • ImageMagick
  • Magick.NET
  • Any software using ImageMagick library
Versions: ImageMagick prior to 7.1.2-15; Magick.NET prior to 14.10.3
Operating Systems: All platforms running ImageMagick
Default Config Vulnerable: ⚠️ Yes
Notes: The leak is in the ASHLAR writer, so it is reached when ImageMagick writes the ASHLAR format. Systems that convert or process untrusted images, or that let callers pick the output format, are most at risk.

📦 What is this software?

ImageMagick is a widely used open-source library and command-line toolset for reading, converting and editing raster images in a large number of formats; web applications commonly embed it to thumbnail and convert user uploads. Magick.NET is its .NET binding and bundles the native ImageMagick library, so it inherits ImageMagick's coder bugs. ASHLAR is one of ImageMagick's output coders.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service causing application crashes, service unavailability, and potential system instability due to memory exhaustion.

🟠

Likely Case

Degraded performance, intermittent crashes, and resource exhaustion affecting image processing functionality.

🟢

If Mitigated

Minimal impact with proper input validation, resource limits, and isolation of image processing components.

🌐 Internet-Facing: MEDIUM - Web applications accepting image uploads are vulnerable, but exploitation requires specific crafted images.
🏢 Internal Only: LOW - Internal systems typically process trusted images, reducing attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific ASHLAR format images. No public exploit code has been observed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.1.2-15

Vendor Advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258

Restart Required: Yes

Instructions:

1. Update ImageMagick to version 7.1.2-15 or later.
2. For Magick.NET, update to version 14.10.3 or later.
3. Restart all services using ImageMagick.

🔧 Temporary Workarounds

Disable ASHLAR format processing

all

Deny the ASHLAR coder in ImageMagick's policy.xml so the vulnerable writer is never invoked. The policy file is read when a process starts, so restart services that use ImageMagick afterwards.

Edit /etc/ImageMagick-7/policy.xml or equivalent (magick -list policy prints the path that is actually loaded)
Add inside <policymap>: <policy domain="coder" rights="none" pattern="ASHLAR" />

Implement resource limits

linux

Cap the memory an ImageMagick process can allocate so a leak ends one job instead of the host. ImageMagick also enforces its own limits (memory, map, disk, area, width, height) from the resource domain of policy.xml or via -limit on the command line; set those too, since they make ImageMagick fail cleanly instead of being killed.

ulimit -v 1048576 (virtual address space in KiB, here 1 GiB, for this shell and its children)
Set memory limits in container/pod configurations so the kernel's OOM killer only reaches that container's process

🧯 If You Can't Patch

  • Implement strict input validation to reject suspicious or malformed image files
  • Never let untrusted input choose the output format: ImageMagick selects the writer from the output file's extension or an explicit FORMAT: prefix, so pin the output format in your code
  • Isolate image processing to dedicated containers/instances with resource limits

🔍 How to Verify

Check if Vulnerable:

Check the installed version. ImageMagick 7's native binary is magick; convert is the legacy name and may be missing or a wrapper, so prefer: magick -version | grep Version

Check Version:

magick -version | grep Version
convert --version | grep Version

For .NET applications, also check the Magick.NET package version (fixed in 14.10.3).

Verify Fix Applied:

Verify the version is 7.1.2-15 or later. Do not grep for the exact string 'Version: ImageMagick 7.1.2-15', which fails on every later release; compare the version fields numerically (7.1.2-9 is older than 7.1.2-15 even though it sorts later as text).
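The following script is an added example (not part of the advisory, and not ImageMagick's own tooling) that combines the two checks above: it parses the version out of the magick -version banner and compares it field by field against 7.1.2-15, and it checks whether a policy.xml contains a live (not commented-out) rule denying the ASHLAR coder, as the workaround section describes. The banner and policy texts embedded in it are constructed samples; the policy path it reads on a real host is the one the advisory names.

```shell
#!/bin/sh
# Added example, not from the advisory or from ImageMagick: report whether a host is
# fixed for CVE-2026-25637 (ImageMagick 7.1.2-15 or later) or at least has the ASHLAR
# coder denied in policy.xml. Sample banners and policies below are constructed.

FIX_VERSION="7.1.2-15"

# Pull "7.1.2-15" out of the first line of `magick -version` / `convert --version`
# ("Version: ImageMagick 7.1.2-15 Q16-HDRI ..."). Prints nothing for other banners.
im_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Version: ImageMagick \([0-9][0-9.-]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is at least version $2 ("major.minor.patch-release").
# Each field is compared as a number, so 7.1.2-9 ranks below 7.1.2-15 (a string
# comparison would rank it above). A missing field counts as 0.
im_version_ge() {
    [ -n "$1" ] || return 1
    _have=$(printf '%s' "$1" | sed 's/[.-]/ /g')
    _want=$(printf '%s' "$2" | sed 's/[.-]/ /g')
    set -- $_have 0 0 0 0
    _h1=$1 _h2=$2 _h3=$3 _h4=$4
    set -- $_want 0 0 0 0
    _w1=$1 _w2=$2 _w3=$3 _w4=$4
    for _pair in "$_h1:$_w1" "$_h2:$_w2" "$_h3:$_w3" "$_h4:$_w4"; do
        _h=${_pair%%:*}; _w=${_pair##*:}
        [ "$_h" -gt "$_w" ] && return 0
        [ "$_h" -lt "$_w" ] && return 1
    done
    return 0
}

# Return 0 if the policy text in $1 has a live rule denying the ASHLAR coder
# (pattern "ASHLAR" or the catch-all "*"). One-line comments are stripped and
# multi-line comment blocks dropped first, so the commented-out examples in the
# stock policy.xml do not count. Attribute order inside the element is irrelevant.
policy_denies_ashlar() {
    printf '%s\n' "$1" \
      | sed 's/<!--.*-->//g' \
      | sed '/<!--/,/-->/d' \
      | grep '<policy' | grep 'domain="coder"' | grep 'rights="none"' \
      | grep -q -E 'pattern="(ASHLAR|\*)"'
}

# Combine both checks. Prints one of: fixed, mitigated, vulnerable.
cve_2026_25637_status() {
    _ver=$(im_version_from_banner "$1")
    if [ -n "$_ver" ] && im_version_ge "$_ver" "$FIX_VERSION"; then
        echo fixed
    elif policy_denies_ashlar "$2"; then
        echo mitigated
    else
        echo vulnerable
    fi
}

# Constructed sample inputs (not captured from a real host).
OLD_BANNER="Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org"
NEW_BANNER="Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org"
# Stock-style policy: the only coder rule is inside a comment, so it is not live.
POLICY_STOCK='<policymap>
  <!-- <policy domain="coder" rights="none" pattern="ASHLAR" /> -->
  <policy domain="resource" name="memory" value="256MiB"/>
</policymap>'
POLICY_HARDENED='<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="ASHLAR" />
</policymap>'

# Stand-alone use: evaluate the real install when present, otherwise the samples.
if command -v magick >/dev/null 2>&1; then
    cve_2026_25637_status "$(magick -version)" "$(cat /etc/ImageMagick-7/policy.xml 2>/dev/null)"
else
    cve_2026_25637_status "$OLD_BANNER" "$POLICY_STOCK"      # vulnerable
    cve_2026_25637_status "$OLD_BANNER" "$POLICY_HARDENED"   # mitigated
    cve_2026_25637_status "$NEW_BANNER" "$POLICY_STOCK"      # fixed
fi
```

The policy check is deliberately conservative: a rule that only removes write rights would also block the ASHLAR writer, but the script reports "mitigated" only for rights="none", which is the rule the advisory gives. On a host with several ImageMagick builds, feed it the policy path printed by magick -list policy rather than the default one.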

📡 Detection & Monitoring

Log Indicators:

  • Memory allocation failures
  • Process crashes with out-of-memory errors
  • High memory usage by ImageMagick processes

Network Indicators:

  • Unusual image upload patterns
  • Multiple failed image processing requests

SIEM Query:

process.name:("convert" OR "magick") AND (exit_code:137 OR memory.usage > 90%)

This is illustrative pseudo-syntax; map the field names to your schema. Exit code 137 is 128 + 9 (SIGKILL), which is what the kernel's OOM killer sends, so it is the most reliable single indicator of a memory-exhaustion kill.
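As an added example (not part of the advisory or of any vendor tooling), the script below turns the log indicators above into something testable offline: it tags kernel OOM-killer lines for ImageMagick binaries, ImageMagick's own allocation failures, and worker exits with status 137. The log lines are constructed; the OOM-killer wording and ImageMagick's "memory allocation failed" text follow their real formats, while the application messages are invented for the sample.

```shell
#!/bin/sh
# Added example, not from the advisory: tag the log lines that indicate an
# ImageMagick process ran out of memory, so a SIEM rule can be tried offline.
# The sample log is constructed.

# Reads log lines on stdin and writes "<TAG><tab><line>" for each indicator:
#   OOM_KILL       the kernel OOM killer chose an ImageMagick binary
#   IM_ALLOC_FAIL  ImageMagick itself reported an allocation or pixel-cache failure
#   SIGKILL_EXIT   a worker reported exit status 137 (128 + SIGKILL)
detect_im_memory_events() {
    awk '
      /Out of memory: Killed process [0-9]+ \((magick|convert|mogrify)\)/ { print "OOM_KILL\t" $0; next }
      /(magick|convert|mogrify)[^:]*: (memory allocation failed|cache resources exhausted)/ { print "IM_ALLOC_FAIL\t" $0; next }
      /exit(ed)?( with)? (code|status)[ =:]*137([^0-9]|$)/ { print "SIGKILL_EXIT\t" $0; next }
    '
}

# Count tagged lines from stdin; an optional $1 restricts the count to one tag.
count_im_memory_events() {
    detect_im_memory_events | awk -F'\t' -v tag="${1:-}" 'tag == "" || $1 == tag { n++ } END { print n + 0 }'
}

# Constructed sample: one OOM kill of magick, two ImageMagick allocation errors,
# one worker exit 137, one benign line, and an OOM kill of an unrelated process.
sample_log() {
    cat <<'EOF'
Mar 02 10:14:05 web1 kernel: Out of memory: Killed process 4242 (magick) total-vm:4194304kB, anon-rss:3801920kB, file-rss:0kB
Mar 02 10:14:05 web1 app[311]: convert: memory allocation failed `upload-91.png' @ error/cache.c/OpenPixelCache/3931
Mar 02 10:14:06 web1 app[311]: image worker exited with code 137 after job upload-91
Mar 02 10:14:07 web1 app[311]: thumbnail generated for upload-92.jpg in 83 ms
Mar 02 10:14:09 web1 app[311]: magick: cache resources exhausted `upload-93.png' @ error/cache.c/OpenPixelCache/3931
Mar 02 10:15:00 web1 kernel: Out of memory: Killed process 5120 (postgres) total-vm:9011200kB, anon-rss:7340032kB, file-rss:0kB
EOF
}

# Stand-alone use: tag the sample. On a live host, pipe real logs instead,
# e.g. `journalctl -k | detect_im_memory_events`.
sample_log | detect_im_memory_events
sample_log | count_im_memory_events          # 4
```

The postgres line is left untagged on purpose: the rule keys on the victim process name, so a noisy host does not turn every OOM event into an ImageMagick alert. A burst of IM_ALLOC_FAIL lines without a matching OOM_KILL usually means ImageMagick's own resource policy stopped the job, which is the outcome the resource-limit workaround is meant to produce.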

🔗 References

  • Vendor advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258